Wellbeing Clinic – Privacy Policy
This privacy policy (“Privacy Policy”) applies to personal data that we collect from you as a user of this Site or as a customer. It provides information on what personal data we collect when you visit any Wellbeing Clinic location or make a reservation or purchase via our website www.wellbeing-clinic.uk (the “Site”), why we collect the personal data, how it is used and the lawful basis on which your personal data is processed, and what your rights are under the applicable data protection and privacy laws, including the General Data Protection Regulation (“GDPR”) which became applicable to us and you as of 25 May 2018. Please note that by using our Site or submitting your personal data you are taken to accept the terms of this Privacy Policy.
“Personal data”, as used in this Privacy Policy, means any information relating to you by which you can be identified as an individual.
PERSONAL INFORMATION WE COLLECT FOR THE PURPOSE OF DELIVERING OUR SERVICES
We keep an attendance register in paper and/or electronically which records all appointments for customers attending our clinic to keep a record of how and when you were treated. These records may be used for:
- As a record of your medical conditions, medication and treatments received in our clinic for the purpose of delivering our services and products, to ensure that you receive the most appropriate treatment and for monitoring of the results of the treatments provided;
- We use the information about health complaints and symptoms as well as any relevant medical and family history as reported by you to us for the purposes of making a full Traditional Chinese Medicine diagnosis and formulating your treatment plan;
- Where relevant, we maintain records of the customer’s and/or their next-of-kin consent to treatment for legal, regulatory and insurance purposes;
- We use your GP’s name and address in the event that we need to contact your GP, including in an emergency and to comply with requirements of the Code of Professional Conduct of our professional association body;
- We may use your date of birth to help identify customers with the same name to avoid mistakes being made as to safe and appropriate treatment, for identification purposes if referring a customer to another health practitioner and for identification purposes if writing to a registered medical practitioner so that they can correctly identify the customer;
- Legal or regulatory purposes including as potential evidence in the event of a criminal prosecution, civil litigation, insurance claim or complaint to a regulatory body.
We are required to keep the above customer records for a minimum of 7 years in accordance with the regulations. At any time you may request that updates are made to your contact details.
PERSONAL INFORMATION WE COLLECT VIA OUR WEBSITE
Appointment reservations may be made directly in person, over the phone, or through our online booking system. During the reservation process, we may collect information such as your first and last name, telephone number and/or email address, billing and/or payment information (for further details please also refer to the section below headed “Payment Information”). Online reservations will be processed in accordance with a privacy policy provided during the online reservation process, so please ensure that you read our privacy notice on the reservation website that we may provide to you when we collect or process your personal data.
We may collect personal details you choose to give us when corresponding with us by phone, e-mail, or our website messaging service; by participating in user/customer surveys, or otherwise visiting and interacting with this Site; and personal data that you provide to us in person when you visit our premises. We may combine this information as necessary:
– for internal record keeping ,
– for the purpose of delivering our services,
– in order to process your orders and bookings,
– improvement of our products and services,
– transmission by email of marketing materials that may be of interest to you,
– contact for market research purposes which may be done using e-mail, telephone, fax or mail. Such information may be used to customise or update the Site.
When you visit our Site, our servers may record information about your visit, including information that your browser automatically sends whenever you visit the Site. This log data may include your Internet Protocol (“IP”) address, geographical location, browser type and settings, length of visit, page views, website navigation paths, the date and time of your request.
COOKIES
Our Site uses cookies (small text files placed on your browser) and similar technologies to distinguish you from other users. This is to provide you with a good user experience when you browse our Site, and allows us to provide you with a better service, to monitor and analyse the performance, operation and effectiveness of our website and to ensure our platform is secure and safe to use. By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.
HOW DO WE USE YOUR PERSONAL INFORMATION COLLECTED VIA WEBSITE?
We use your personal data collected via website in the following ways:
To provide you with customer services, administer your customer account and contact you regarding your use of the services. Such use is necessary to respond to or implement your request and for the provision of our services.
To acknowledge, confirm, and fulfil your reservations: for example, to process your payment, to send booking confirmation and other actions necessary for the provision of our services.
To contact you in connection with user/customer/member surveys and use any information you choose to submit in response, provided that you gave us your consent to being contacted in this way at the time you provided us with the personal data.
We may use your personal data for other purposes, which you have consented to at the time of providing your data.
DISCLOSURE OF YOUR INFORMATION
Like many businesses, we sometimes hire selected third parties who act on our behalf to support our operations, such as (i) card processing or payment services (see “Payment Information” below), (ii) credit reference agencies to protect against possible fraud, (iii) IT suppliers and contractors (e.g. data hosting providers or delivery partners) as necessary to provide IT support and enable us to provide customer services and other goods/services available on this Site or to customers, (iv) web analytics providers, (v) providers of digital advertising services and (vi) providers of CRM, marketing and sales software solutions. Pursuant to our instructions, these parties may access, process or store your personal data in the course of performing their duties to us and solely in order to perform the services we have hired them to provide.
We may need to disclose your personal data for administrative and legal reasons such as (i) to comply with a legal obligation and/or judicial or regulatory proceedings, a court order or other legal process (ii) to enforce our Terms & Conditions or other applicable contract terms that you are subject to or (iii) to protect us, our customers, or contractors against loss or damage. This may include (without limit) exchanging information with the police, courts or law enforcement organisations.
PAYMENT INFORMATION
Any credit/debit card payments and other payments you make through our Site will be processed by our third party payment providers and the payment data you submit will be securely stored and encrypted by our payment service providers using up to date industry standards. We do not ourselves directly process or store the debit/credit card data that you submit.
We may arrange that card or payment data you submit in support of an order is stored for the purpose of processing your order. We will store this data in accordance with our legal obligations under applicable law and only for so long as legally permitted. You may choose to opt out of us holding your card or payment data, although this means that you will need to re-supply us with card/payment details to for the purpose of making any future purchases.
DATA RETENTION
We will keep your personal data only for as long as is reasonably necessary for the purposes outlined in this Privacy Policy, or for the duration required by any legal, regulatory, accounting or reporting requirements (whichever is longer). In particular:
The cookies placed on your device will be readable by our Site until they expire, or you clear them or dispose of your device.
When you consent to receive marketing communications, we will keep your data until you unsubscribe. You may unsubscribe at any time.
We retain appointment and treatment information for up to 7 years following our last contact with you.
To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process your personal data, applicable legal requirements or operational retention needs, and whether we can achieve those purposes through other means.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.
CHANGES TO OUR PRIVACY POLICY
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. Any changes we may make to our Privacy Policy in the future will be posted on this page – please revisit to see any updates or modifications. If required by the applicable law, we will notify you of any material or substantive changes to this Privacy Policy.
PERSONAL DATA TRANSFER
We currently operate in Europe, and do not need to transfer your personal data outside the European Economic Area (“EEA”). However, some of our providers may transfer personal information to third countries in order to provide support, or because they host information in a third country. For example:
We use Google Analytics to analyse the use of our website. Our analytics service provider generates statistical and other information about website use by means of cookies. The information generated relating to our website is used to create reports about the use of our website. If you wish to opt out of being tracked by Google Analytics please visit http://tools.google.com/dlpage/gaoptout.
SECURITY
Unfortunately, the transmission of information over the internet or public communications networks can never be completely secure. We will take appropriate technical and organisational security measures to protect the personal data that you submit to us against unauthorised/unlawful access or loss, destruction or damage, although we cannot guarantee with complete certainty the security of personal data that you provide to us online. Where we have given you (or where you have chosen) a password or login which enables you to access certain restricted parts of our Site, you are responsible for doing everything you reasonably can to keep these details secret, and you must not share your password or login details with anyone else.
CHANGES OF BUSINESS OWNERSHIP AND CONTROL
We may from time to time expand or reduce our business and this may involve the sale and/or transfer of control of all or part of our operations. Data provided by users or customers will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the data for the proposes for which it was originally supplied to us.
We may also disclose data to a prospective puchaser of our business or any part of it.
In the above instances, we will take steps with the aim of ensuring your privacy is protected.
YOUR PERSONAL DATA PROTECTION RIGHTS
Certain applicable data protection laws give you specific rights in relation to your personal data. In particular, if the processing of your personal data is subject to the GDPR, you have the following rights in relation to your personal data:
Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details such as the purpose of the data processing. If you require additional copies, we may need to charge a reasonable fee.
Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to erasure: You may ask us to delete or remove your personal data, such as where our legal basis for the processing is your consent and you withdraw consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data with so you can contact them directly. We may continue processing personal data where this is necessary for a legitimate interest in doing so, as described in this Privacy Policy.
Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the personal data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to data portability: You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will provide you with your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to object: You may ask us at any time to stop processing your personal data, and we will do so unless we demonstrate compelling legitimate grounds for the processing.
Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to withdraw your consent.
Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you may report it to the appropriate data protection authority, such as the Information Commissioner’s Office (ICO).
If you wish to exercise any of these rights please contact us as described in the “Contact” section below. We may also need to ask you for further information to verify your identity before we can respond to any request.
CONTACT
Questions, comments or requests regarding this Privacy Policy should be addressed to us by e-mail at contact@wellbeing-clinic.uk or by post using the details provided below:
Wellbeing Clinic
369 Upper Richmond Rd West,
SW14 7NX London
United Kingdom